Bug 1025193 - (CVE-2016-5100) VUL-0: CVE-2016-5100: froxlor: Uses the PHP rand function for random number generation
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Andrej Semen
Security Team bot
https://smash.suse.de/issue/180417/
Reported: 2017-02-14 09:45 UTC by Matthias Gerstner
Modified: 2021-03-19 23:19 UTC (History)
Found By: Security Response Team
Description Matthias Gerstner 2017-02-14 09:45:40 UTC
Froxlor before 0.9.35 uses the PHP rand function for random number generation,
which makes it easier for remote attackers to guess the password reset token by
predicting a value.

Upstream commit:

https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5100
Comment 1 Matthias Gerstner 2017-02-14 09:47:13 UTC
The weak random data is still used in Leap 42.{1,2,3}:

openSUSE:Leap:42.1:Update/froxlor/froxlor/index.php: $first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
openSUSE:Leap:42.2:Update/froxlor/froxlor/index.php: $first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
openSUSE:Leap:42.3/froxlor/froxlor/index.php:        $first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);

openSUSE:Factory::froxlor already contains the fix.
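The weak token construction quoted in the description and in Comment 1, placed beside a hardened form, as an added example: this is not Froxlor's code and does not reproduce what the linked upstream commit changed; the function names and the sample values are assumptions. The point of the comparison is that `rand()` is not a cryptographic generator and its state is small, so a token derived from a known login name, a known timestamp and one `rand()` call has far less entropy than its 15 hex characters suggest, while a token drawn from the OS CSPRNG via `random_bytes()` (PHP 7.0 and later) has no predictable inputs at all.

```php
<?php
// Added example, not Froxlor's code. Contrasts the weak password-reset
// token quoted in this bug with a CSPRNG-based replacement.

// "Before": the construction quoted from index.php in Comment 1.
// rand() is a non-cryptographic PRNG, and loginname/timestamp are
// known or guessable, so the resulting token is predictable.
function weak_reset_token(string $loginname, int $timestamp): string
{
    return substr(md5($loginname . $timestamp . rand(0, $timestamp)), 0, 15);
}

// "After": 16 bytes (128 bits) from the OS CSPRNG, hex encoded.
// Nothing about the user or the clock feeds into the token, so an
// attacker who knows those values gains nothing.
function strong_reset_token(): string
{
    return bin2hex(random_bytes(16));
}

// Keep only a hash of the token server-side so a database read does
// not hand out live reset tokens.
function token_hash(string $token): string
{
    return hash('sha256', $token);
}

// Compare the presented token against the stored hash in constant time
// so the comparison itself leaks nothing about the stored value.
function token_matches(string $stored_hash, string $presented): bool
{
    return hash_equals($stored_hash, token_hash($presented));
}

// Usage with constructed sample values (not from the page):
$token  = strong_reset_token();
$stored = token_hash($token);

var_dump(strlen($token) === 32);               // 16 bytes -> 32 hex chars
var_dump(token_matches($stored, $token));       // presented token accepted
var_dump(token_matches($stored, 'not-the-one')); // any other value rejected
var_dump(weak_reset_token('admin', 1487065540)); // the weak form, for contrast
```

The hardened path also gives a reviewer two things to check in a codebase: that no `rand()`, `mt_rand()` or `uniqid()` call feeds a secret, and that stored tokens are hashed and compared with `hash_equals()` rather than `==`.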
Comment 2 Swamp Workflow Management 2017-02-14 23:00:45 UTC
bugbot adjusting priority
Comment 3 Johannes Segitz 2017-08-01 10:38:25 UTC
Please submit for this issue
Comment 4 Andrej Semen 2018-06-07 11:11:24 UTC
Fixed upstream in previous version of froxlor 0.9.39
Comment 5 Swamp Workflow Management 2019-07-11 16:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1025193) was mentioned in
https://build.opensuse.org/request/show/714684 Factory / froxlor
Comment 6 OBSbugzilla Bot 2021-02-02 14:10:07 UTC
This is an autogenerated message for OBS integration:
This bug (1025193) was mentioned in
https://build.opensuse.org/request/show/868664 15.2 / froxlor
Comment 7 Swamp Workflow Management 2021-03-16 17:17:31 UTC
openSUSE-SU-2021:0415-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 1025193,1082318,846355,958100
CVE References: CVE-2016-5100
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    froxlor-0.10.23-lp152.4.3.1
Comment 8 Swamp Workflow Management 2021-03-19 23:19:03 UTC
openSUSE-SU-2021:0450-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 1025193,1082318,846355,958100
CVE References: CVE-2016-5100
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    froxlor-0.10.23-bp152.4.3.1